I'd recommend storing your keys in files, and using lookup('file', ...)

Then you can store multiple keys in a single file.

Additionally, you could just store multiple keys as a string with newlines
in your current data structure and not try using a list.

On Wednesday, May 7, 2014, Bruce Pennypacker <[email protected]>
wrote:

> We have a role that defines user accounts as follows:
>
> users:
>   - username: user1
>     comment: User 1
>     uid: 3001
>     ssh_key: "xxx"
>
>   - username: user2
>     comment: User 2
>     uid: 3002
>     ssh_key: "yyy"
>
> Users are then grouped by name into other lists:
>
> regular_users:
>   - user1
>   - user2
> ...
>
> ops_users:
>   - user3
>   - user4
> ...
>
> Our hosts then have a fact called user_roles that's a list of each group
> of users and individual usernames to create accounts for.  We then have
> tasks defined like this:
>
> - name: add users
>   user: name={{ item.username }}
>         comment="{{ item.comment }}"
>         uid={{ item.uid }}
>   when: item.username in lookup('flattened',user_roles)
>   with_items: users
>
> - name: add SSH keys
>   authorized_key: user={{ item.username }}
>                   key="{{ item.ssh_key }}"
>   when: item.username in lookup('flattened',user_roles) and item.ssh_key is defined
>   with_items: users
>
> All of this is working great.  We're managing about 50 different user
> accounts over 80 servers in varying groups without any difficulty.  But now
> I'd like to be able to extend this to support multiple SSH keys for each
> user.  So I'd like to be able to define a user along these lines:
>
>   - username: userFoo
>     comment: User Foo
>     uid: 4321
>     ssh_keys: [ 'xxx', 'yyy', 'zzz']
>
> But if I do this then I'm at a complete loss of how to rewrite the
> authorized_key task to handle it properly.  At first glance I would expect
> that I'd need to use with_nested but I'm not entirely sure how to go about
> doing it.  I tried variations of this, but haven't gotten anything to work:
>
> - name: add multiple SSH keys
>   authorized_key: user={{ item[0].username }}
>                   key="{{ item.[1] }}"
>   when: item[0].username in lookup('flattened',user_roles) and item[0].ssh_keys is defined
>   with_nested:
>     - users
>     - item[0].ssh_keys
>
> Is there a better way of managing a dynamic list of ssh keys?  Or am I
> just trying something that's too complex for Ansible to handle cleanly?
>
> -Bruce


-- 
Matt Martz
[email protected]
http://sivel.net/
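
The two suggestions in the reply above, written out as an added example (not code from either poster). The key material, the `ssh_key_file` field and the `ssh_keys/` path are constructed placeholders, and `exclusive` is assumed to be available in the installed version of the `authorized_key` module.

```yaml
---
# vars (constructed sample data; key strings are placeholders, not real keys)
users:
  - username: userFoo
    comment: User Foo
    uid: 4321
    # Suggestion 2: several keys in one newline-separated string
    ssh_key: |
      ssh-ed25519 AAAA...placeholder1 userFoo@laptop
      ssh-ed25519 AAAA...placeholder2 userFoo@desktop

  - username: user1
    comment: User 1
    uid: 3001
    # Suggestion 1: keys live in a file, one key per line
    # (hypothetical field name and path, resolved by lookup('file', ...))
    ssh_key_file: ssh_keys/user1.pub

---
# tasks
- name: add SSH keys stored inline as a multi-line string
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.ssh_key }}"
    # All of a user's keys arrive in one call, so exclusive can safely
    # remove keys that are no longer listed for that user.
    exclusive: yes
  when: item.ssh_key is defined and item.username in lookup('flattened', user_roles)
  with_items: "{{ users }}"

- name: add SSH keys stored in a per-user file
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', item.ssh_key_file) }}"
    exclusive: yes
  when: item.ssh_key_file is defined and item.username in lookup('flattened', user_roles)
  with_items: "{{ users }}"
```

Passing every key for a user in a single `key` value is what makes `exclusive` usable: with one key per loop iteration, each iteration would remove the keys added by the previous one. With `exclusive: yes`, keys added to a host by hand are removed on the next run, so the inventory becomes the only source of authorized keys.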
